Malicious TOR Exit Nodes Spying on Users and Stealing Bitcoin From Them.
ฝัง
- เผยแพร่เมื่อ 9 พ.ค. 2021
- In this video I go over the malicious exit node hacking that has been taking place on the TOR network over the past year. Someone has been attempting to do SSL downgrades and man in the middle attacks on users accessing bitcoin mixing services so that they can steal the crypto currency from mixer customers.
/ tracking-one-year-of-m...
₿💰💵💲Help Support the Channel by Donating Crypto💲💵💰₿
Monero
45F2bNHVcRzXVBsvZ5giyvKGAgm6LFhMsjUUVPTEtdgJJ5SNyxzSNUmFSBR5qCCWLpjiUjYMkmZoX9b3cChNjvxR7kvh436
Bitcoin
3MMKHXPQrGHEsmdHaAGD59FWhKFGeUsAxV
Ethereum
0xeA4DA3F9BAb091Eb86921CA6E41712438f4E5079
Litecoin
MBfrxLJMuw26hbVi2MjCVDFkkExz8rYvUF
Dash
Xh9PXPEy5RoLJgFDGYCDjrbXdjshMaYerz
Zcash
t1aWtU5SBpxuUWBSwDKy4gTkT2T1ZwtFvrr
Chainlink
0x0f7f21D267d2C9dbae17fd8c20012eFEA3678F14
Bitcoin Cash
qz2st00dtu9e79zrq5wshsgaxsjw299n7c69th8ryp
Etherum Classic
0xeA641e59913960f578ad39A6B4d02051A5556BfC
USD Coin
0x0B045f743A693b225630862a3464B52fefE79FdB
Subscribe to my TH-cam channel goo.gl/9U10Wz
and be sure to click that notification bell so you know when new videos are released. - วิทยาศาสตร์และเทคโนโลยี
Can't trust TOR exit nodes. Learned that from Mr. Robot.
Don’t sweat it. Scenes inaccurate and just serves as entertainment
@@mk1808 no theres a lot of realism in mr.robot and its probably the closest to the real deal
Oh yeah...
Damn, so this is a old problem.
@@XxjeffersonDkidxX this was a problem since Tor was created. That's why you don't log into personal accounts on Tor - you are identified immediately when you do it so Tor is useless. Tor with bad opsec is completely useless.
@@theeyenzier8190 big facts
I've always wondered who exactly has the balls to run an exit node.
Well, it turns out, if you really need money....
or a reason that is friendly with the local governments, like, say, monitoring the traffic.
@@auklin7079 yes, yes, but it's designed too well for anyone to monitor all the traffic.
@@Wheagg yes, yes. very design. such traffic. so doge. wow
@@milire2668 many exaggerated. Not doge. Much wow.
Bruh what is your upload schedule??? Everyday??? This is amazing! Keep up the great work!
He uploads when ever he wants and what ever he wants I guess
What the fuck is an upload schedule lmao sounds strenuous and pointless
It's called queuing content. Where you make content in advance and release it over time. It's not hard bro. You can make a months worth of videos in a week
Since he barely needs to edit (he doesnt even use intros...) that can allow him to upload faster and more often
I'm surprised the YT overlords let me catch this video uploaded after 5 min
they need to keep u hooked at all cost
@@toofle guaranteed, they might also have a thing against Bitcoin lol
@@BoanergesTWELF12 i'm making money on bitcoin, but it's not a good thing. TH-cam, if anything, should love bitcoin
@@gickygackers Well maybe Google just don't want to censor thing just like that? I mean I don't understand why would Google just shadow ban content creators for reason like "youtube love bitcoin".
AAAHH I'M LEAKINGGGG
Turned on by Mental?
We're not spooked. I mean, they're not spooked.
Found the glowie
@@tcroyce8128 You can see them when you're driving
@@gotengsk9010 You just run them over.
@@gotengsk9010👾💥🚐
*gasp* All my porn preferences! Leaked to Chinese hackers!
Your OS information and ip address got leaked so gg.
@@namelessguy933 how is that possible?
You the best thanks.
I believe most nodes are run by governments.
I’m not sure blocking plain http in transit - anywhere other than at the client or server - is the best approach. Why would you use http traffic? No idea, but if I’m the network provider, that’s not my decision. It’s up to the two endpoints to negotiate. The client should take the responsibility for refusing to agree to protocol downgrades. What client these days starts https, and then replies to a server (mitm or other) “http is fine by me!”? If that’s happening, stop.
I’m kinda surprised people still use bitcoin mixers to be honest. I thought coinjoin replaced the need for a 3rd party to obfuscate coin history
Who even still accepts btc for illicit transactions anymore, id be willing to say only feds are still accepting it, monero is completley anonymous and the best medium of exchange for any illicit activity, service, or good. Xmr to the moon!
SquigglesMcJr Yeah I’m a Monero Man too. The crash the last couple days got me in the red tho. Guess it’s time to stack up some more.
@@squigglesmcjr199 well selling xmr en masse is VERY hard, dump large xmr on any exchange and it makes every alarm go off
That's exactly why markets usually use bitcoin and it's pretty easy to sell
@@rajeshpandey2198 i have no intention of selling my monero.
@@squigglesmcjr199 market owners and big dealers do lol that's why bitcoin is still famous
Hey algorithm, this is good stuff.
Could you show a How-To on SSH over TOR and if there any risks are involved?
Thank you
How do they kno if node is compromised
Hi can you tell me what happens if I connected to an exit note in clear web with chrome browser, which was flagged by virus total as malicious malware and brute force?
I reinstalled my phone my browser data was cleared is that enough already ?
Great video, thanks!
I'd also advise you look up to investing and making huge profit in Bitcoin with Paul Tudor Jones he's currently managing my crypto profitlio and making great return's
WhatsApp him on
+1/4/6/9/5/3/2/4/2/5/6
1. if an isp does not allow exit nodes can you run the exit node over a vpn and would the isp know about the exit node activity.
2. can you be able to connect multiple tor circuits together by connecting an exit node to the next circuit's entry node and so on to furtherly anonymize you?
3. can they automate the detection of bad exit nodes by pinging them and see if the traffic stays encrypted and then checking the hash values of the packets?
About 2:
I guess you can, but the whole reason why Tor uses 3 nodes is because 2 is too weak and going over 3 sacrifices too much usability for almost no gain.
Running an exit node over a VPN is kind of an asshole move to the VPN and its users, to be honest.
@@user-sg1lq8qx7g if you want to run an exit node and your isp sais no because of the inability to determine tor traffic from your own traffic then a vpn would help
@@ejonesssA tor relay requires that your IPv4 address is unchanged for at least 3 hours (static addresses are preferred). Assuming you can get that with your VPN, you would just be moving the issue. Now the VPN (and their users) won't like it because one of their IPs started getting blocked from some regular websites. And you also increase the path your packets travel, adding latency and minimizing bandwidth.
Your VPN's ISP will know.
2:35 If you aren't downloading executables or enabling JavaScript, how does that occur?
WhatsApp him on
@@williamsrobert996 You sounding hella sus, g. Cut the scammy spammy spam.
If they can control the data going in and out then they can inject malicious code or programs
@@salt6873 They cant really control the data because they dont see the contents that either party sends, but of course they could send back a redirect to a bad site (on purpose)
Reminds me kinda mr. robot scene(exit nodes and tor )
Well then i suppose it's a good thing i use, MONERO!
If the exit nodes are known IPs would not the hack controlled nodes been traceable?
Nice
Exit relay is unavoidable right?
But, the question that remains in the air, how to keep hidden and safe in the exit relay? (using the device at home)
How secure is visiting Onions site with HTTPS
How does my exit node see my internet as
and how ISP see my internet as?
quick summary:
1. Depends
2. They decrypt it so they can read it
3. They can see you are using tor, but nothing other than that, as far as I know. I'm not exactly a tor expert by any means. I just know a tiny bit.
@@subliminalcastillo2126 You can't decrypt HTTPS lol. You can exploit via related-factors but not the logic of the HTTP"S"
You can use things like bridge on TOR so your ISP wouldn't know. It's famous for countries that block TOR and users get around with it especially if your ISP has Nation-level DPI.
@LazicStefan That's why I said related-factors. But the guy said "decrypt" which in cryptography is realistically impossible to crack the encryption.
Juicy content 🥵🥵🥵
6:05 in the EU it shouldn’t, because you cannot be made responsible if you are only redirecting traffic for other people
you still part of an investigation. you shouldnt be guilty before a court but thats it....
Interesting how bitcoin mixers on the clearnet are used so often. People clearly misplace their opsec. Great video as always!
Who even runs the exit nodes if most Internet provides dont allow it?
Glowies.
Thks I'm getting to get a laptop & when I'm traveling, I want to run Tails/TOR.
?Will any namebrand 11th Gen Intel Core i5-1135G7 laptop work-well with Tails/TOR?
İt should
Why would they not?
@@Vsimpro I thought I would simply ask someone with good empirical experience on the subject whether than rationalizing why or why not they work (I don't have the-time for that sort-of-thing).
@@tombouie nothing wrong in asking! I dont have first hand experience, but I'd imagine that since most distros work on most intel cpu's, Tails and tor will work just fine on that specific laptop. The reason why I asked "Why not" is to see if you had some knowledge of tails not working on some specific config, therefor wondering if it worked on that one. Ofc you can always try to google it aswell.
I'd like to point out an issue with forcing HTTPS on tor, though, the main issue is that no CA is ever going to sign certificates for HTTPS tor sites, so what people end up having to do is self-sign, which leads to a similar warning about the site being insecure because literally anyone can make a self-signed certificate, on the other hand, getting a CA to sign an onion site defeats the entire point of a tor website, which is that the website's host is as anonymous as any other tor user. This is likely going to be the main issue, since all modern browsers warn against both http-only and self-signed https sites, and thus Tor Browser should be no different on that end. Which means idiots who use Tor Browser likely realized something like this and decided to default to ignoring the warnings rather than making sure the certificate fingerprints are always the same on whatever site you're visiting.
gg
He isn't talking about onion sites, but tor exits to clearnet. You don't need certificates for onion sites. For regular sites anyone can get a certificate with Let's Encrypt, though there isn't an issue with stealing data (except for social engineering) unless there is an underlying flaw with the protocol. The issue here is that clearnet operators aren't doing enough to stop http downgrade attacks and people aren't doing enough to ensure their browser doesn't capitulate to such attacks. I agree with your end conclusion, but your reasoning for it is wrong.
Tor doesn't need certificates because the website names are the websites public key themselves. Certificates are only needed when you connect by ip or by (domain) name.
As two others have already said, there is no reason to use self-signed certificates for onion sites (or tor sites), it is already encrypted and authenticated, you know you are talking to the correct computer.
There are also actually CAs that do onion sites, see facebook or duckduckgo's onion sites (signed by DigiCert as EV certificates), for normal people I think it costs $30 at Harica.
@@notuxnobux the risk is having the wrong onion adress...
Yos
LETS GOOOOOO
If your traffic is flowing through someone's computer, like isp, proxy, vpn or a tor exist node, it's very possible to eavesdrop even https traffic by attacking initial tls handshake to intercept keys (I learnt this from quora)
ISP is less likely to do this because once they caught up, they'll face a lots of legal troubles, but vpns, free proxies and tor exist nodes, they aren't trustworthy.
If you really need the protection given by tls encryption and you are not directly connected to the internet via your trustworthy isp, use onion services. Green padlock may not safe as you think.
Onion service technology allows us trust less safe communication.
>it's very possible to eavesdrop even https traffic by attacking initial tls handshake to intercept keys
this is not possible because of certificate verification
@@notuxnobux yes, but there are valid fake certificates out there (corrupt CAs). I read about months ago
As a total noob to Tor and internet security, I always wondered if you could use a VPN and Tor at the same time for more security.
@@plaane things like ProtonVPN or those other commercial ones
I think it is a "virtual private network"
Like I said I am a total noob so I know nothing.
@plaane LOOOL hypixel blitz player
@@plaane what are non-commercial VPNs?
@@plaane Hey, could you explain what is non-commercial VPN?
I can't help but think you sound like vegan gains lol. Great videos though. Thanks.
woah ! you could totally get an arduino !!
Never heard of BTC laundering...
monkaW
I've never been on Tor but there is 100s of nodes on my network
"bitcoin mixers" I suppose bitcoin tumblers got renamed at some point
i wonder when the first "bitcoin mixer" does a big exit scam.
Is monero an alternative to bitcoin mixing?
No. It’s an alternative to Bitcoin. The reason why you might be making this mixup is because Monero is often cited as being more private than BTC because the technology encrypts your transaction and Monero amounts by default. To accomplish this with BTC, people used to try using tumblers, which I think is what you’re referring to
@@stackspace no what he means is u send btc to an exchange w no kyc info, swap to xmr, send xmr to another non kyc exchange, swap to btc and send to a new wallet
it’s untraceable because when u go to xmr and a new exchange it breaks the kyc chain
Zcash
yes.
SIMPLE, DONT USE BTC ON TOR, USE XMR.
Is it unsecure to use orbot over adguard on android??
I'd advise that, before you do that, you make sure things like the keyboard aren't keylogging you, and even then there's probably a million services in the background that don't respect privacy either. Since Orbot is official, the only other red flag is adguard. Check the privacy policy's data collected section for that.
Doesn't brave have httpseverywhere built in?
I don't think so. But Tor Browser does.
Yes.
This is sad. Time to develop and introduce a mechanism, which makes it impossible for exit nodes to do so. And I actually dont know if I'd rather have a government or some criminal who doesnt know who exactly I am spy on me. Would be great if its neither of the two.
even my phone can run tor using termux
Monero...?
Hard to purchase anonymously.
@@papagunit mine it??
@@papagunit you can still get it on Exodus wallet.
@@squigglesmcjr199 mining it is too difficult at this point
@@papagunit na i doubt it, your thinking in terms of profitability at current price, i dont care about current price when its going 500x over 5 years or less. Its a cpu mined algo anyway, i got lots of idle cpu's
Could the government do the same but to track you?
Probably if there exit nodes are allowed on tor
Government is funding 80% of TOR foundation, think about that, 😂 TOR is a honeypot to catch criminals!
@@freedomisdead9638 Only because you fund something, doesn't mean you control it.
@@Cookiekeks
It s like saying fire doesn t mean hot!
The whole purpose of financing and funding is controlling! Man your answer is senseless!
@@freedomisdead9638 There are tons of security researches constantly trying to find ways to break the system, and you come along and say "they fund it so they must control itt!!!1". That's silly.
Who else watch TH-cam video on Tor?
epic gamer
If the exit nodes are capable of doing a man in the middle attack then that must mean they can do a dns spoofing homograph attack, in other words tor isn't actually safe unless you add a VPN on top of tor or custom dns servers
Wouldn't it be blatantly obvious if they were dns spoofing on a TLS encrypted connection?
@@BurgerKingHarkinian I'm not familiar with this technical knowledge so excuse my ignorance. But how is a dns spoof obvious or evident?
@@_VISION. because the dns record would point at some server that is not controlled by the actual owner of the site, that server would be unable to provide a valid TLS certificate for that site and would either have to provide an untrusted, self-signed certificate or a certificate for a different domain.
The browser would immediately detect that the certificate is coming from an untrusted certificate authority or that the certificate doesn't match the domain that the user was trying to access and show the user a fat red warning message which they would have to ignore and press "advanced options" and "accept exception" or something like that.
Which you should never ever have to do except in very rare cases like when you are trying to access your router on port 443 or something like that.
So just NEVER click through these warnings and you will be a-ok. If you ever do see such a warning (which I never have), create a new circuit instead and reload.
@@BurgerKingHarkinian Oh okay I have seen this before on the main net with some websites.
Does this also happen with .onion sites on tor?
@@_VISION. oh great, my detailed answer just vanished! Fml...
In short:
yes, I've seen that on a few small sites too but that is an admin fuckup and should not happen.
And no, hijacking onion sites like that is not that trivial and I'd even go as far as to say it's not actually possible at all. Search for "tor hidden services" for more details.
Gee, if only someone created a coin with a built in mixer so people don't have to use third party solution. Oh wait they did. Gee maybe people should be using that if mixing is needed instead of relying on third party solutions.
Also i'd like to see someone laudering bitcoins today with 40$ a pop transaction fees if you want it not to take months
I think there is such a thing, XMR anyone????
Tutorial
EVERY. ONE. IS. GETTING. HACKED. WHY?
Algo algo algorithm!
The whole point is not making money but why are you using Tails or Tor ?
This is where intelligence agency steps in
yup , all these vpn tor craps only good if you trust their network , you shouldnt :P
I had 2 bitcoin or something like that stolen this way😢
It's always fun to hear americans and others complain about their ISPs prohibiting access to specific Website or services or whatever, here in germany our ISPs dont care, they will let you do anything you want
Germany's internet is not as free as you claim it to be either. There have been cases of dns blocking as well. Ever heard of the new CUII for example?
Didn't germany make the network enforcement act?
A russian hacker lol
whe mixing bitcoins for "totally legit purposes" fuck that was funny
i do understand that some parts of the world absolutely need tor for secure news, activism, emergencies... Some parts of the world probably would be safer avoiding it. I have never had so many unintended side effects only trying to follow the practice of using it. I in my ignorance of networking systems & security and followed hype of sending all my traffic through... So much monitoring, taking over mobile devices, and general annoyance came from it. If i was in a country in dire straits, i get it. If all im trying to do is read the arch wiki, i have found that a vpn & security gateway firewall set up well is much better at not attracting unwanted attention from tor users.
I don't trust Tor. Mostly because I don't trust anything at all.
Omg Sell Bitconfetti. Before it is actually turned into Bitconfetti.
What??
So much white damn
This is 444th like
Who woulda guessed, lmao.
second. im built different.
nope, 7th
First
nope 5th
first
nope, third
Wow only 61 cooments
Brave is superior to tor browser, just because it is based on chromium and is more secure in that aspect. You can install addons yourself.
Tor Browser is superior to brave when it comes to anonymity.
@@eds7406 why?
1. you shouldn't install addons because they can be used to fingerprint you
2. brave lacks a lot of the privacy features (disabling javascript is one of the main ones)
3. chromium is awful tor is based off of mozilla's firefox which has a much much better reputation when it comes to privacy
@@Penderdrill 1. that would e a point for brave
2. you can disable javascript without addon
3. sheeps follow reputations. wolfs follow facts
-For anonymity = Tor browser.
-For privacy (yes, it's not the same) = hardened firefox.
-For security = brave.
Just connect to a VPN via TOR, problem fixed
That's not a fix tho. The data is still unencrypted when it leaves the vpn. So you only move the problem somewhere else.
@@iTzStick still better than some random exit node ;/ . Of course thats not the solution.
FIRST IM SO PROUD
nope, second
When tor and vpn is not save ,how can blackhat hackers stay invisible when they run exit node servers how can not the police catch them or other white head hackers i cant understand how is this possible everytime i hear stuff lile this my mind is blowing every good it specialist’s say vpn or tor is not save and how can they guys run servers there make criminal things and no one knows where they are !!! Please can you explain that
tor as a deanonymization tool is safe generally speaking, BUT ONLY when you don't make OpSec mistakes. All people that got deanonymized did opsec mistakes. 100% safe is nothing. People use these tools and people make mistakes.